I have a user in my SQL server who shall only be able to select from views in a certain schema.
However the database does not appear in the tree folder, and hence not the Views folder.
Is there a way to enable the display of these in the tree structure without granting access to the DB itself?
CREATE SCHEMA [gib]
GO
CREATE USER [GibUser] FOR LOGIN [GibUser] WITH DEFAULT_SCHEMA=[gib]
GO
CREATE VIEW [gib].[MyLocalData]
AS
SELECT TOP 10 * FROM DBData
GO
GRANT select on [gib].[MyLocalData] TO GibUser
Related
I have a database Server with 10 databases. One of the users is with only access to 1 database.
I would like to add this user with all the permissions that they already have to all other databases. Is there anyway where I can do it?
Or do I need to create the same user for each database?
I am using SQL Server Management Studio 2018.
Thanks.
In SSMS go to securities (under database) -> logins
Then select your user and with mouse right click select properties. Then in new window select user mapping tab. Here you select all the databases you want them to give access to. (Here you can also set roles for them). Click OK and you are done. Now they have access to all the databases.
I have created a user with database roles db_datareader, db_datawriter and public. Also I have configured with server roles as public.
Now this user cannot view the list of stored procedure when clicking on stored procedures node in objects explorer. How can I assign permission to see and execute all the stored procedures? I want to do this through SSMS without launching any command.
I am using SQL Server 2012 and below versions:
Microsoft SQL Server Management Studio 11.0.2100.60
Microsoft Data Access Components (MDAC) 10.0.17763.1
Microsoft MSXML 3.0 4.0 5.0 6.0
Microsoft Internet Explorer 9.11.17763.0
Microsoft .NET Framework 4.0.30319.42000
Sistema operativo 6.3.17763
Looks like you can do this, though not as "simple" as you would expect.
I would, personally create a database role to do this. Go to your database in the Object explorer, and expand the Security Folder. Then right click Roles and Select New -> New Database Role.
Give the Role a name (I'll use db_executor) on the General Pane and then go to the Securables Pane. Click Search... at the top and select the radio option Specific Objects... and click OK. Click Object Types... and then tick Databases and then OK. Now click Browse... and tick the database you are adding the role to, then click OK and then OK.
In the datagrid at the bottom locate the Permission Execute, and tick the box in the column Grant. Then OK. This will run the below SQL on your instance:
USE [YourDatabase]
GO
CREATE ROLE [db_executor]
GO
use [YourDatabase]
GO
GRANT EXECUTE To [db_executor]
GO
Yes, Microsoft really is inconsistent with the casing of USE for that statement, and it omits the ; in it's commands.
Now you have created the role, locate the user you want to give access to in the object explorer in the Users folder. Right Click them and select Properties. Go to the Membership Pane and tick the box next to db_executor. Then click OK. This will run the below SQL on your instance:
USE [YourDatabase]
GO
ALTER ROLE [db_executor] ADD MEMBER [YourUser]
GO
Of course, why you wouldn't just run the 2 above commands, which is far quicker, I do not know.
I don't think there's a graphical way of doing this within the UI, but you can create a new query window in SSMS and execute one of these queries.
For a particular role you can:
/* GRANT EXECUTE TO THE ROLE */
GRANT EXECUTE TO role_what_needs_permissions
For a user
USE [the_database]
GO
GRANT EXECUTE TO [the_user]
I want to create a new user 'user1' that will be able to see all databases and all tables and also execute SQL statement, procedures etc.
The only thing that I want to deny is creating/dropping or change database (rename, change properties, create new database or drop existing database).
How can I do it?
If it is a dev server, I find it easiest to create a role in MODEL database that has all the right mix of privileges and then assign that role to a user mapped to a login that you need. When you create a new database that user will automatically be assigned privileges to that database.
Two caveats here: that login must be present on the server or else you will not be able to create a new database. Another important one is that the user will have completely unnecessary privileges to read and write to model database by default - definitely NOT a good idea on a production server. On a production server just create the role in model database, but only create user for the databases that you need.
This is the script you can use to create the role:
USE [model]
GO
CREATE ROLE [db_data_read_write_execute] AUTHORIZATION [db_securityadmin]
GO
ALTER ROLE [db_datareader] ADD MEMBER [db_data_read_write_execute]
GRANT EXECUTE to [db_data_read_write_execute]
GO
CREATE USER [DML_Only_User] FOR LOGIN [DML_Only_User_Login] WITH DEFAULT_SCHEMA=[dbo]
GO
ALTER ROLE [db_data_read_write_execute] ADD MEMBER [DML_Only_User]
I have a sql server 2012 instance set up as a filestore on a networked server. I need all users on computers on the same network to be able to browse the file system representing the file table. However all user can see the server, and top level directory but do no have permission to access/ open it.
What permissions should I be looking at to enable access.
use myDatabase
go
grant view definition to [user]
Run the following code within SQL
ALTER DATABASE myDatabase
SET FILESTREAM ( NON_TRANSACTED_ACCESS = FULL )
GO
Providing that FILESTREAM is enabled for the instance, this has been done, and a valid directory has been specified, it should work.
You could probably consider providing a Domain Group (1) access to the server and (2) database containing the filetable and then grant (3) specific permission to each Filetable to allow them access to its contents.
This could be done by using either using individual GRANT statements (SELECT, DELETE, UPDATE, INSERT - optional ALTER if you want them to be able to browse at the server/instance/filetablefolder level) or creating a Database role and giving it these permissions and then linking the Domain Group to that role.
some information on general FILETABLE access for users here
Add this to SQL accounts "NT AUTHORITY\Authenticated Users"
and give access to database
I am a complete SQL Server newbie but I have experience with Oracle and MySQL. I am using SQL Server Management Studio.
I have an existing database that I want to create views from but I want those views to reside in another database (schema?) which will be accessible by a separate user account that can connect via JDBC.
I can create the database easily enough, right click "Databases" and select "New Database". From there I am lost.
1) How do I grant select/update/delete permissions (to create and update views) on one database to the new database?
2) How do I create a new user?
3) How do I grant permissions for users?
Thanks in advance.
Like Martin said you need a new schema not a database.
CREATE SCHEMA [SchemaName] AUTHORIZATION dbo;
Create your Views under the new schema name then,
CREATE LOGIN [LoginName] {FROM WINDOWS} (If you are using an AD Group)
USE [DatabaseName];
CREATE USER [LoginName/Username]; (They can be the same)
GRANT EXECUTE, SELECT, INSERT, DELETE, VIEW DEFINITION ON Schema::[NewSchemaName] TO [LoginName/Username];
If you want to have a Role the create the role under the database and make the UserName a member of the Role and grant the permissions to the role.